/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ *
+ *
* Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.7 2000/05/17 21:37:24 deraadt Exp $");
+RCSID("$OpenBSD: auth.c,v 1.11 2000/10/11 20:27:23 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
#include "pty.h"
#include "packet.h"
#include "buffer.h"
-#include "cipher.h"
#include "mpaux.h"
#include "servconf.h"
#include "compat.h"
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#include <shadow.h>
+#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#include "bufaux.h"
#include "ssh2.h"
#include "auth.h"
#include "session.h"
-#include "dispatch.h"
-
/* import */
extern ServerOptions options;
-extern char *forced_command;
/*
* Check if the user is allowed to log in via ssh. If user is listed in
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
+#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
+ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+ struct spwd *spw;
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw)
return 0;
- /* deny if shell does not exists or is not executable */
+ spw = getspnam(pw->pw_name);
+ if (spw != NULL) {
+ int days = time(NULL) / 86400;
+
+ /* Check account expiry */
+ if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
+ return 0;
+
+ /* Check password expiry */
+ if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
+ (days > (spw->sp_lstchg + spw->sp_max)))
+ return 0;
+ }
+#else
+ /* Shouldn't be called if pw is NULL, but better safe than sorry... */
+ if (!pw)
+ return 0;
+#endif
+
/*
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.
}
#ifdef WITH_AIXAUTHENTICATE
- if (loginrestrictions(pw->pw_name,S_RLOGIN,NULL,&loginmsg) != 0) {
+ if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
if (loginmsg && *loginmsg) {
/* Remove embedded newlines (if any) */
char *p;
- for (p = loginmsg; *p; p++)
+ for (p = loginmsg; *p; p++) {
if (*p == '\n')
*p = ' ';
+ }
/* Remove trailing newline */
*--p = '\0';
- log("Login restricted for %s: %.100s",
- pw->pw_name, loginmsg);
+ log("Login restricted for %s: %.100s", pw->pw_name, loginmsg);
}
return 0;
}
andersk / openssh.git / blobdiff